Fall Detection Skill (Video Edition)

Security checks across malware telemetry and agentic risk

Overview

This fall-detection skill needs review because it handles sensitive home-safety video and user identifiers while also bundling broader health/face-analysis behavior and local token storage that are not clearly scoped.

Review before installing. Use it only if you are comfortable sending fall-detection videos or video URLs to the publisher's cloud service, associating reports with a user identifier, and allowing local storage of user/account tokens. Ask the publisher to separate fall detection from face/health analysis, document retention and deletion, and remove the api-key-as-open-id behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (20)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documented API behavior materially conflicts with the skill's stated purpose: a fall-detection skill is instead described as sending videos to a generic remote analysis endpoint that returns face-detection and health/diagnostic results. This mismatch is dangerous because it suggests undeclared collection and processing of sensitive biometric and health-related data, which could enable privacy violations, unauthorized profiling, or deceptive data handling beyond user expectations.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The API documentation explicitly describes broad face detection, constitution analysis, organ-condition inference, and health warnings, all of which exceed the manifest's claimed fall-detection functionality. In the context of a safety-monitoring skill for elderly people, this is especially risky because it expands processing into highly sensitive biometric and medical-style inference without clear necessity, increasing the chance of privacy harm and misuse.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script exposes a history-listing function via `show_analyze_list(open_id)` that goes beyond the stated fall-detection video analysis purpose. If this capability is not disclosed in the skill metadata or gated by strong authorization checks, users or integrators may unknowingly access prior analysis records, creating a privacy and data-minimization issue.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The CLI requires `--open-id` and describes it broadly as OpenID, user ID, username, or phone number, which encourages collection of multiple forms of personally identifiable information unrelated to the narrow task of fall detection. Using a phone number or username as a general-purpose identifier increases privacy risk, enables correlation across systems, and may violate least-privilege/data-minimization principles.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
This file defines persistent local storage and mutation for user-account data, which is outside the stated purpose of a fall-detection video-analysis skill. In a safety-monitoring context, collecting and storing unrelated identity data expands the privacy and attack surface, especially when users would not reasonably expect account management behavior from this skill.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The User model stores authentication-like tokens, open_token, email, birthday, age, and sex, none of which are necessary for basic fall detection. Persisting sensitive personal and token data in a local SQLite database increases the consequences of compromise and creates a mismatch between the advertised function and the actual data handling.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This shared utility implements broad authenticated API access, token management, retry logic, and account lifecycle behavior that goes well beyond a fall-detection video analysis skill. In this skill context, such generalized backend access expands the attack surface and creates opportunities for unauthorized data access, unintended account actions, and misuse of stored credentials if the utility is invoked by other code paths.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can automatically register or log in a user by posting mobile/openId data to a health platform endpoint without clear user consent or a purpose tied to video fall detection. That is dangerous because it can create or access accounts implicitly, transmit personal identifiers externally, and bind skill execution to backend identities the user may not expect.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The utility persists token, openToken, and user profile data returned from the remote service into local storage, which is not justified by the stated fall-detection purpose. Persistent storage of authentication artifacts increases the blast radius of compromise and can enable long-term account takeover or unauthorized API use if the host or database is exposed.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default trigger activates on general requests involving video fall detection, which is broad enough to cause unintended execution in ambiguous contexts. In a safety-monitoring skill that may save files and contact remote services, accidental activation can lead to unnecessary data handling and privacy exposure.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The history-query keywords are broad and auto-trigger report retrieval without sufficient scope checks, increasing the chance that casual phrasing will fetch potentially sensitive historical reports. Because the reports concern in-home elder monitoring, unintended disclosure carries elevated privacy risk.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill describes remote notifications and API-based analysis but does not clearly warn users that sensitive home-surveillance video and derived report data may be sent to external services. Users may provide highly sensitive footage without informed consent about transmission, storage, or retention.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill states that uploaded attachments or videos will automatically be saved as local files, but the description does not clearly disclose this behavior to users beforehand. Silent local persistence of sensitive monitoring footage increases the risk of later exposure through other tools, users, or system processes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to upload video files or provide public video URLs to an external API but does not clearly warn that this data is transmitted to a remote server for analysis. Because the skill targets in-home monitoring of elderly individuals, the omitted disclosure increases the risk of silent exfiltration of intimate household footage and undermines meaningful user consent.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The response schema includes medical-style outputs such as diagnosis, organ condition, health warnings, and suggestions without any limitation, disclaimer, or explicit user opt-in. Presenting these inferences as routine output can mislead users into relying on unvalidated medical conclusions and exposes highly sensitive health-related information beyond the skill's stated purpose.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads arbitrary local file contents and transmits them to a remote analysis service without any visible user confirmation, notice, or consent mechanism in this file. In a safety-monitoring context involving home video, this can expose highly sensitive footage and metadata, creating privacy and data-handling risk if users do not clearly understand that local files are uploaded off-device.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This skill performs network-backed analysis of sensitive video inputs while accepting local file paths/URLs and a user identifier, but it provides no explicit notice about transmission, storage, or privacy implications. In the context of elderly home safety monitoring, the analyzed videos are especially sensitive, so silently sending them or associated identifiers to backend services materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The DAO automatically creates and alters a local database under a workspace-derived path during initialization, causing filesystem writes and schema mutation without any user-facing disclosure. In the context of a video-analysis skill, undisclosed persistence is significant because it can silently create long-lived stores for personal or authentication-related data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Sensitive user information obtained during automatic account creation is saved locally without any visible disclosure, consent handling, or data-minimization controls in this file. While this is more of a privacy/security design flaw than an exploit primitive, it still creates risk of unauthorized access to personal and authentication data.

Ssd 3

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to read local configuration files and reuse an `api-key` as a user's `open-id`, which crosses a critical boundary between secret service credentials and user identity. This can expose confidential configuration data in normal task flow, enable unauthorized API access or report retrieval, and defeat identity/account separation.

VirusTotal

66/66 vendors flagged this skill as clean.
